I am trying to set up Mutual SSL communication between Portal and Gateway. I have done all the necessary things that are suggested in the documentation. However, I couldn't achieve what I want. For some reason, the Portal service calls from API Portal to Gateway are going with Basic authentication rather than certificate-based authentication.

The SSG log shows the following: 2018-04-25T06:20:08.398+0100 INFO 838 com.l7tech.server.policy.assertion.ServerSslAssertion: 4113: No Client Certificate was present in the request

However what we expect is the following: 2018-04-30T10:49:33.749+0100 INFO 3346 com.l7tech.server.policy.assertion.ServerSslAssertion: 4114: Found client certificate for CN=xxxx-yyyy.domain.com(portal_hostname)

Additionally, in the audits I see it using "HTTP Basic" authentication rather than "HTTPS Client Certificate".

Environment:

Portal 3.5 & Gateway 9.x

Cause:

For SSL authentication to function properly between the Portal and Gateway, the protocols TLS 1.1 and TLS 1.2 cannot be enabled on the Gateway for the port being used.

Resolution:

We recommend that you create another 'Listen Port' purely for the Portal to use which does not have TLS 1.1 or 1.2 enabled and requires client authentication.

Log in to Policy Manager using a port other than the one being changed. To do so, enter <hostname>:<port> in the Policy Manager connection window.

Edit the port that is used for Portal-to-Gateway communication to disable TLS 1.1 and TLS 1.2, or...

Create another port for the Portal to use that does not have TLS 1.1 and TLS 1.2 enabled.

Clone the port that you were using before (for example, 8443). This can be done from Tasks --> Manage Listen Ports --> 8443 --> Clone.
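
To confirm the change took effect, the two ServerSslAssertion messages quoted above (4113 and 4114) can be counted in the SSG log. The following is an added example, not part of the original article or the product; the line layout is inferred from the two quoted log lines, and `parse_line`, `summarize` and `SAMPLE` are hypothetical names.

```python
import re
from collections import Counter

# Layout inferred from the two SSG log lines quoted in the article (assumption):
#   <timestamp> <level> <number> <class>: <code>: <message>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+[A-Z]+\s+\d+\s+(?P<cls>[\w.$]+):\s+"
                     r"(?P<code>\d+):\s+(?P<msg>.*)$")
SSL_ASSERTION = "com.l7tech.server.policy.assertion.ServerSslAssertion"
NO_CERT, FOUND_CERT = "4113", "4114"
FOUND_PREFIX = "Found client certificate for "


def parse_line(line):
    """Return {ts, code, subject} for a ServerSslAssertion 4113/4114 record, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["cls"] != SSL_ASSERTION or m["code"] not in (NO_CERT, FOUND_CERT):
        return None
    subject = None
    if m["code"] == FOUND_CERT and m["msg"].startswith(FOUND_PREFIX):
        subject = m["msg"][len(FOUND_PREFIX):].strip()
    return {"ts": m["ts"], "code": m["code"], "subject": subject}


def summarize(lines):
    """Count requests that arrived with and without a client certificate."""
    no_cert, subjects, last = 0, Counter(), None
    for rec in filter(None, map(parse_line, lines)):
        last = rec
        if rec["code"] == NO_CERT:
            no_cert += 1
        else:
            subjects[rec["subject"] or "<unparsed>"] += 1
    return {
        "no_cert": no_cert,
        "with_cert": sum(subjects.values()),
        "subjects": dict(subjects),
        # True when the most recent matching record in the input is a 4114
        "latest_has_cert": last is not None and last["code"] == FOUND_CERT,
    }


# Constructed sample: the two lines quoted in the article plus one unrelated line.
SAMPLE = [
    "2018-04-25T06:20:08.398+0100 INFO 838 com.l7tech.server.policy.assertion.ServerSslAssertion: 4113: No Client Certificate was present in the request",
    "2018-04-30T10:49:34.001+0100 INFO 3346 com.example.Other: 9999: constructed, unrelated",
    "2018-04-30T10:49:33.749+0100 INFO 3346 com.l7tech.server.policy.assertion.ServerSslAssertion: 4114: Found client certificate for CN=xxxx-yyyy.domain.com(portal_hostname)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

After the Portal is pointed at the new listen port, `latest_has_cert` should be true and the Portal's certificate subject should appear under `subjects`.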